Systems Management Question

Microsoft LAPS

Recently Microsoft released an updated version of LAPS
(Local Admin Password System). We have a lab here at the office where I'm
testing it on a DC & a few Windows boxes.It works well, but here is my question.

It "appears" to only work with the "Built in
admin" account, and not any created ones.When we deploy a new box we disable the built in admin account and a
script creates a new separate admin account.Will this software monitor and change CREATED admin accounts & not
just the built in one?My suspicion is
no it won’t, because it only monitors a specific common GUID that is related to
the built in account.Any thoughts or
help is appreciated!

Comments

All Answers

This is not the case. As can be seen in the screen shot of the GPO settings here, you can enable "Name of administrator account to manage" and specify the name of the account that you have created to replace the one with the -500 SID.

You are incorrect. As you can see from the screen shot here, you can set the "Name of the administrator account to manage" to enabled and specify the name of the account that you used to replace the account with the -500 SID.

Moving on...where does my post try to instruct anybody on what a GUID is? I merely mention it to highlight the point that the account could be called anything you like, as Windows itself doesn't care. Did you mean to say "on where a GUID is used"?

The OP asked:

Will this software monitor and change CREATED admin accounts

Note the word 'accountS', plural. Answer? No, it will monitor and change only one, although that account doesn't have to be the built-in Administrator account, as we have discussed.

For me, this thread neatly illustrates the importance of phrasing questions and answers correctly. Had the OP asked "Will this software monitor and change an account with which we replace the built-in Administrator account?" perhaps we could've resolved the question without distractions.

I took this from the Executive Summary right after download: Purpose of this document is to provide reader with detailed technical specification of solution for management of password of local (built-in or custom) Administrator password on domain-joined computers (servers and workstations).

-1

Dude, learn how Windows uses GUIDs not 'proper' names. How do you think it manages non-English versions of Windows?

@OP, using your lab, I'd say that you've answered your own question. Did it control the non-standard admin accounts? No.

Share

This website uses cookies.
By continuing to use this site and/or clicking the "Accept" button you are providing consent
Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our
websites or when you do business with us. For more information about our
Privacy Policy and our data protection
efforts, please visit
GDPR-HQ